Описание
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | jetty-eclipse | Not affected | ||
| Red Hat Enterprise Linux 7 | jetty | Not affected | ||
| Red Hat JBoss A-MQ 6 | jetty | Not affected | ||
| Red Hat JBoss BRMS 5 | jetty | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | jetty | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | jetty | Not affected | ||
| Red Hat JBoss Fuse 6 | jetty | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | jetty | Not affected | ||
| Red Hat JBoss Portal 6 | jetty | Not affected | ||
| Red Hat JBoss SOA Platform 5 | jetty | Not affected |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS2
Связанные уязвимости
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
The path normalization mechanism in PathResource class in Eclipse Jett ...
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
5 Medium
CVSS2